package net.wangds.web.security.config;
/*

import com.mgcc.utils.SpringUtils;
import net.wangds.auth.module.Anonymous;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

import java.util.List;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${net.wangds.security.enableCros:false}")
    private boolean confEnableCros;

    @Value("${net.wangds.security.loginService:/auth/login}")
    private String confLoginService;


    @Value("${net.wangds.security.logoutService:/auth/logout}")
    private String confLogoutService;



    @Value("${net.wangds.security.maxSessionCount:1}")
    private int maxSessionCount;



    //用户登陆服务
    private final UserDetailsService mmSrvUserDtail;
    //验证异常
    private final AuthenticationEntryPoint mmCmpAuthEntryPoint;
    //权限异常
    private final AccessDeniedHandler mmAccessDeniedHandler;
    //登陆成功处理
    private final AuthenticationSuccessHandler mmOnAuthenticationSuccess;
    //登陆失败处理
    private final AuthenticationFailureHandler mmOnAuthenticationFailure;
    //登出处理
    private final LogoutSuccessHandler mmOnLogoutSuccess;
    //Session过期策略
    private final SessionInformationExpiredStrategy mmSessionExpiredStrategy;

    @Autowired
    public WebSecurityConfig(UserDetailsService systemUserServiceImpl,
                             AuthenticationEntryPoint onAuthenticationException,
                             AccessDeniedHandler onAccessDenied,
                             AuthenticationSuccessHandler onAuthenticationSuccess,
                             LoginAuthenticationFailureHandler onAuthenticationFailure,
                             LogoutSuccessHandler onLogoutSuccess,
                             SessionInformationExpiredStrategy sessionExpiredStrategy) {
        this.mmSrvUserDtail = systemUserServiceImpl;
        this.mmCmpAuthEntryPoint = onAuthenticationException;
        this.mmAccessDeniedHandler = onAccessDenied;
        this.mmOnAuthenticationSuccess = onAuthenticationSuccess;
        this.mmOnAuthenticationFailure = onAuthenticationFailure;
        this.mmOnLogoutSuccess = onLogoutSuccess;
        this.mmSessionExpiredStrategy = sessionExpiredStrategy;
    }


    @Bean
    public BCryptPasswordEncoder bcCryptPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)//解决AuthenticationManager不能注入的问题
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(mmSrvUserDtail).passwordEncoder(bcCryptPasswordEncoder());
    }


    */
/**
     * 配置spring security的控制逻辑
     *//*

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if(maxSessionCount>0) {
            //设置session
            http.sessionManagement()
                    .maximumSessions(maxSessionCount)
                    .expiredSessionStrategy(mmSessionExpiredStrategy);
        }
        // 关闭跨站请求防护
        HttpSecurity sec = http.csrf().disable();

        if(confEnableCros){
            sec =  sec.cors().and();
        }


        //对请求进行认证
        //url认证配置顺序为：
        // 1.先配置放行不需要认证的 permitAll()
        // 2.然后配置 需要特定权限的 hasRole()
        // 3.最后配置 anyRequest().authenticated()
        sec.authorizeRequests()
                .antMatchers("/auth/login1").permitAll()
        .anyRequest().authenticated()
        .and()
                .exceptionHandling()
                .accessDeniedHandler(new JwtAccessDeniedHandler())
                .authenticationEntryPoint(mmCmpAuthEntryPoint)
        .and().formLogin() // 配置登录
                .loginProcessingUrl(confLoginService)//登录url
                .successHandler(mmOnAuthenticationSuccess)
        .failureHandler(mmOnAuthenticationFailure)
        .and()//登出
        .logout()
        .logoutUrl(confLogoutService)
        .logoutSuccessHandler(mmOnLogoutSuccess)
        .permitAll()
        .invalidateHttpSession(false)
        .and()
                .addFilterAt(
                        SpringUtils.getBean(JwtLoginFilter.class),
                        UsernamePasswordAuthenticationFilter.class)

                .addFilterAt(new AnonymousFilter(
                        "ANONYMOUS", new Anonymous(),
                        (List<GrantedAuthority>)new Anonymous().getAuthorities()),
                        AnonymousAuthenticationFilter.class)

                .addFilter(SpringUtils.getBean(JwtAuthenticationTokenFilter.class))
        ;

        //禁用缓存
        http.headers().cacheControl();
    }

}
*/
